A Novel Anti-forensics Technique for the Android OS

Abstract

In recent years traditional mobile-phones, used only to make calls and send text messages, have evolved into even more versatile and powerful devices (smart phones, tablets, etc.). These devices use a NAND flash memory type to store data, due to it being a memory that has been optimized for the fast updating of data. These flash memory drives usually contain sensitive data that could be a possible danger to the user's privacy. This paper proposes a new anti-forensics technique for mobile devices with the Android OS. The technique makes it possible to modify and erase, securely and selectively, the digital evidence on an Android device without having to use any cryptographic primitives or make any file system changes. While the use of cryptographic primitives or changes to the file system create considerable suspicion in a forensic analysis, the proposed technique uses simple software tools commonly used in *nix-like OSes such as the Android OS.